Diffstat (limited to 'eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java')
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java84
1 files changed, 84 insertions, 0 deletions
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java
new file mode 100644
index 00000000..caa2e8d8
--- /dev/null
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/IJoseTools.java
@@ -0,0 +1,84 @@
+package at.gv.egiz.eaaf.modules.auth.sl20.utils;
+
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.cert.X509Certificate;
+import java.util.List;
+import javax.annotation.Nonnull;
+import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException;
+import org.jose4j.jwa.AlgorithmConstraints;
+import org.jose4j.lang.JoseException;
+import com.fasterxml.jackson.databind.JsonNode;
+
+public interface IJoseTools {
+
+ /**
+ * Create a JWS signature.
+ *
+ * @param payLoad Payload to sign
+ * @throws SlCommandoBuildException In case of a signature creation error
+ */
+ public String createSignature(String payLoad) throws SlCommandoBuildException;
+
+ /**
+ * Validates a signed SL2.0 message.
+ *
+ * @param serializedContent Serialized JWS signature
+ * @return Verification-result DAO
+ * @throws SL20Exception In case of a signature validation error
+ */
+ @Nonnull
+ public VerificationResult validateSignature(@Nonnull String serializedContent)
+ throws SL20Exception;
+
+ /**
+ * Validate a JWS signature.
+ *
+ * @param serializedContent JWS in serialized form
+ * @param trustedCerts trusted X509 certificates
+ * @param constraints signature verification constraints
+ * @return Signature-verification result
+ * @throws JoseException In case of a signature verification error
+ * @throws IOException In case of a general IO error
+ */
+ @Nonnull
+ public VerificationResult validateSignature(@Nonnull String serializedContent,
+ @Nonnull List<X509Certificate> trustedCerts, @Nonnull AlgorithmConstraints constraints)
+ throws JoseException, IOException;
+
+ /**
+ * Validate a JWS signature.
+ *
+ * @param serializedContent JWS in serialized form
+ * @param trustStore with trusted X509 certificates
+ * @param algconstraints signature verification constraints
+ * @return Signature-verification result
+ * @throws JoseException In case of a signature verification error
+ * @throws IOException In case of a general IO error
+ * @throws KeyStoreException In case of TrustStore error
+ */
+ @Nonnull
+ public VerificationResult validateSignature(@Nonnull String serializedContent,
+ @Nonnull KeyStore trustStore, @Nonnull AlgorithmConstraints algconstraints)
+ throws JoseException, IOException, KeyStoreException;
+
+ /**
+ * Get the encryption certificate for SL2.0 End-to-End encryption.
+ *
+ * @return
+ */
+ public X509Certificate getEncryptionCertificate();
+
+ /**
+ * Decrypt a serialized JWE token.
+ *
+ * @param compactSerialization Serialized JWE token
+ * @return decrypted payload
+ * @throws SL20Exception In case of a decryption error
+ */
+ public JsonNode decryptPayload(String compactSerialization) throws SL20Exception;
+
+}
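Review bot: The Javadoc on the three `validateSignature` overloads does not say whether a signature that fails verification is reported through the thrown exception or through state inside the returned `VerificationResult`, so a caller can read any non-exceptional return as "verified". `VerificationResult` is not visible in this hunk, so which applies has to be confirmed against the implementation. I would pin it in each `@return`, e.g. `@return verification result; callers must check its validity state before using the payload`, or `@return result of a successfully verified signature; never returned for an invalid one` if the implementation throws. The one-argument overload should also state where its trust anchors and algorithm constraints come from, since unlike the other two it takes neither as a parameter. Separately, `getEncryptionCertificate()` has an empty `@return` and `createSignature` has none; something like `@return encryption certificate (state whether null is possible)` and, presumably, `@return JWS in serialized form` would complete them.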